njrat | 709d01e2059255e29bf003d6b94cd2514b2fad1c7760d06cc3c1d52ffb0fb512 | Triage

Sharing

General

Target

709d01e2059255e29bf003d6b94cd2514b2fad1c7760d06cc3c1d52ffb0fb512
Size

903KB
Sample

241122-a5vjpsxjcp
MD5

bd5494546a6eeb7543f728c32b23eca6
SHA1

a7269d4e1357a79aac11f8b670122b943cf2c137
SHA256

709d01e2059255e29bf003d6b94cd2514b2fad1c7760d06cc3c1d52ffb0fb512
SHA512

f3b691414f913c83011ae165287bba1211195489724dd69448a8f53d70f30510a34a377278ad1d373dcba317bd8516afd97911a8d3f09f3f669da4cad5ba0f05
SSDEEP

3072:HEA93TEA93TEA93TEA93TEA93TEA93TEA93TEA93TEA93TEA93TEA93TEA93TEAZ:HRRRRRRRRRRRRRRRRRRRRJ

Score

10^/10

njrat hacked discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

com-elephant.gl.at.ply.gg:63355

Mutex

Windows Update

Windows Update

Windows Update

Windows Update

Windows Update

Windows Update

Windows Update

Windows Update

Windows Update

Windows Update

Windows Update

Windows Update

Windows Update

Windows Update

Windows Update

Windows Update

Windows Update

Windows Update

Windows Update

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  709d01e2059255e29bf003d6b94cd2514b2fad1c7760d06cc3c1d52ffb0fb512
- Size
  
  903KB
- MD5
  
  bd5494546a6eeb7543f728c32b23eca6
- SHA1
  
  a7269d4e1357a79aac11f8b670122b943cf2c137
- SHA256
  
  709d01e2059255e29bf003d6b94cd2514b2fad1c7760d06cc3c1d52ffb0fb512
- SHA512
  
  f3b691414f913c83011ae165287bba1211195489724dd69448a8f53d70f30510a34a377278ad1d373dcba317bd8516afd97911a8d3f09f3f669da4cad5ba0f05
- SSDEEP
  
  3072:HEA93TEA93TEA93TEA93TEA93TEA93TEA93TEA93TEA93TEA93TEA93TEA93TEAZ:HRRRRRRRRRRRRRRRRRRRRJ
Score

10^/10

njrat hacked discovery persistence trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverypersistencetrojan

behavioral2

njrathackeddiscoverypersistencetrojan